Attacks/Breaches
4/26/2013
11:23 AM
Connect Directly
RSS
E-Mail
50%
50%

Anonymous Australia Disavows Self-Proclaimed LulzSec Leader

Australian police trumpet hacktivist mastermind takedown, but Anonymous dismisses him as a wannabe.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
Australian police this week arrested IT professional Matt Flannery, 24, on charges of defacing a government website.

According to the police charges, Flannery (aka "Aush0k") "attacked and defaced a government website" and accessed one or more sites without authorization.

The Australian Federal Police (AFP) said his arrest resulted from a two-week investigation that commenced after a government website had been defaced. "This individual was operating from a position of trust who had access to sensitive information from clients including government agencies," said the AFP's manager of cybercrime operations commander, Glen McEwen, in a Wednesday press briefing. "The AFP believes this man's skill sets and access to this type of information presented a considerable risk for Australian society."

McEwan said Flannery had also boasted that he was the leader of the Anonymous hacktivist offshoot group known LulzSec. The police force earlier this week issued a press release trumpeting that Flannery was "the first member of the group to be charged by the AFP."

Australia Anonymous, however, quickly dismissed Flannery's claims of a leadership role in LulzSec: "Nope not part of the usual suspects on any of our chans of communication I suspect some DDos skid on his mums win box," read a tweet issued by the group. Other Anonymous channels, meanwhile, took to tweeting what was labeled as a link to the real leader of LulzSec, which resolved to a picture of a kitten.

[ Legislation can't stop hacktivists. Read Laws Can't Save Banks From DDoS Attacks. ]

According to police, Flannery worked for Content Security, an Australian reseller of products made by Tenable Network Security, which develops Nessus vulnerability scanning software. Content Security officials said they had no knowledge of the attacks allegedly launched by Flannery. Tenable, meanwhile, said it didn't employ Flannery. "Matt Flannery is not and has never been an employee of Tenable Network Security," according to a Wednesday tweet from Tenable.

If convicted on all charges relating to the alleged government website defacement, Flannery faces up to 12 years in prison.

In related LulzSec news, last week Cody Kretsinger (aka Recursion), 25, was sentenced to one year in prison, after pleading guilty in April 2012 to two charges relating to his participation in a SQL injection attack against the Sony Pictures Entertainment website. Kretsinger also admitted to using the LulzSec website and Twitter to post 150,000 stolen Sony usernames and passwords. Following his prison sentence, Kretsinger will be required to serve one year's home detention, perform 1,000 hours of community service and pay $605,663 in restitution.

Also this month, fellow LulzSec participant member Ryan Ackroyd (aka Kayla), 26, pleaded guilty in a London courtroom to one charge relating to disrupting numerous websites in 2011, including the Arizona State Police and 20th Century Fox sites. Also this month, Jake Davis (aka topiary), 20, and Mustafa al-Bassam (aka Tflow), 18, pleaded guilty in a London courtroom to launching website attacks against the CIA, Britain's Serious Organized Crime Agency and National Health Service, as well as News International, 20th Century Fox and Sony Pictures Entertainment. Ackroyd, Davis and al-Bassam are due to be sentenced next month.

People are your most vulnerable endpoint. Make sure your security strategy addresses that fact. Also in the new, all-digital How Hackers Fool Your Employees issue of Dark Reading: Effective security doesn't mean stopping all attackers. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2363
Published: 2014-07-26
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.

CVE-2014-3071
Published: 2014-07-26
Cross-site scripting (XSS) vulnerability in the Data Quality Console in IBM InfoSphere Information Server 11.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL for adding a project connection.

CVE-2014-3301
Published: 2014-07-26
The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned messages, aka Bug ID CSCuj81700.

CVE-2014-3305
Published: 2014-07-26
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors, aka Bug ID CSCuj81735.

CVE-2014-3324
Published: 2014-07-26
Multiple cross-site scripting (XSS) vulnerabilities in the login page in the administrative web interface in Cisco TelePresence Server Software 4.0(2.8) allow remote attackers to inject arbitrary web script or HTML via a crafted parameter, aka Bug ID CSCup90060.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.